Hi, I did what you asked. One thing I forgot to mention is that after running combofix, both times I ran it, my machine needed a restart, and programs could not be started before that restart. The message was about registry deletion of some sort. Anyway, here's combofix:

I'm not happy with that log. The .reg keys that we wanted to unlock, are still locked up. Please provide me with a little more detail as to what you mean here: "programs could not be started before that restart."

...what programs would not start before combofix restarted the computer? You weren't trying to run something while combofix was in the midst of trying to reboot the computer...were you?

If so, please don't do a thing after combofix starts to run. It will reboot the computer automatically. Please be patient while combofix does what it is designed to do. We need to run the script again, and for more reason than just because the last run failed. The log indicates a hidden process that the rootkit scan picked up that wasn't there the first time we ran combofix. Please be sure to do nothing else with the computer except for what is instructed here. Go nowhere else on the internet except to come here and reply in this thread and open no other email except from SpywareHammer until we finish up. Otherwise, there is the chance that things can get turned sideways and we don't want to delay any positive results. Thanks for understanding.

Please open a blank Notepad...Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Hi First, sorry for the slow response, it's a very busy week. Your professional help is most appreciated and I again thank you for it, and I'm taking your instructions very seriously.

From what you wrote I see there has been some unclearness about what happened when I ran combofix, so I'm clarifying what I did and what happened. Once we are on the same I will re-run combofix if necessary. But due to the harsh nature of the situation I do not want to take any step before I know both see the same picture:

First, to the best of my knowledge combofix did not require any reboot in my case, it ended in producing a log. Then (when a logfile popped on the screen) and only then did I do anything on the computer. I try to follow your instructions as closely as possible.

I copy-pasted of the log and...

When I tried to reconnect to the internet to update Mbam using the provided ISP program I use for that (I have a cellular netstick usb modem) – clicking on desktop icons of programs would not start them. Here are the programs I tried to start:

Isp program: "C:\Program Files\HSPA USB MODEM\HSPA USB MODEM.exe"

And a folder icon I used to start windows explorer that also did not start.

I would have copied the message I got, but it was in Hebrew. What it said was something about registry keys marked for deletion that do allow starting of the program:

A reboot solved that.

As for running something alongside combofix, I did not do that. I also closed anything that could be closed from the system tray. I also stopped avg. I'm joining a print screen the processes that run after doing that, let me know if anything needs killing.

Members have become infected before from foreign attachments...and I'm not suggesting that yours was malicious. I'm sure it was harmless but I make no exceptions, I hope you understand.

It's just that I have made it a habit to firmly and consistently refuse to open any attachments unless it is something I requested and was expecting and I bend backwards in the effort to keep everyone safe by having it removed.

Much better. One more now:

Please open another blank Notepad then copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated and advise how the system now performs for you. Thanks!

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

...How did that happen, was it a site or an email attack? I would very much like to know if that's possible.

It would be nearly impossible for me to determine but you could. When something like what you described suddenly occurs, you need only ask yourself "what was I doing at the time", or "what software or hardware did I just install"...in other words, just try to recall exactly what happened just prior to noticing quirky system behavior. Nine times out of ten, you would at least know if it was software/hardware, or website/email related.

I'm happy with that log now. What I'd like you to do now is to run a manual update to your on board anti-virus product and run a complete system scan. Allow the software to quarantine whatever it complains of. Reboot when finished, and post back your results. I think we can then finish this up. Thanks!

Hi, I did what you asked. I almost forgot to reboot before posting and posted the report but, in the last moment I did not send it and rebooted right after the login to the forum. I hope it's still ok.

You can delete these now:

RogueKiller and associated folder/files

TDSSKiller and associated logs

DDS and associated logs

Next, please click start-->type Run in the "Search programs and files" box. The Run box icon will appear somewhere at the top of the list. Click that icon. When the run box opens, copy and paste the Bold text below into the run box and click "OK":

ComboFix /Uninstall

Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically.

To assist in the prevention of malicious software intrusion and infections, you can begin by reading "How to boost your malware defense and protect your PC"...

Please remember to keep antivirus software on board and always use its real time protection feature. Run a complete system scan at least once a week...preferably in Safe mode.

A word of caution

Security vendors, in recent years, have partnered with "Ask.com" in providing the "Ask Toolbar" bundled with their download(s).

Although the toolbar is considered to be a legitimate program, it is nonetheless questionable as to its behavior. It is alleged to be spyware/adware as the behavior of this application tracks a user's history and sends "search" information to its servers in order to provide a user with targeted search results, many of these results may also be for questionable web sites. In fairness, one should keep in mind, Google does the same thing regarding search results.

This tracking is considered by many of us in the security field, to be offensive.

Some of the "Download links" that I may provide, may also contain this program bundled with it. If you choose not to use it, the bundled software will always contain an "Opt Out" measure via some checkbox. The user can check (or uncheck) this box to prevent the download.

If a user isn't cautious and may have mistakenly installed this program, it can easily be removed via the "Uninstall" string provided with the software. Detailed instructions how to remove the program can be found Here.

If your antivirus program is a licensed version that is about to expire, you can consider using one of these available free on the public domain:

Those of us in the online safety/security community have tried and tested these programs to determine their abilities. Having in mind, nothing is ever a guarantee regarding computer security, these programs nevertheless, combined with the rest of these recommendations are certain to have an impact in helping to keep your system running free and clear. I personally have been completely satisfied from having tested and used each one of those at one time or another.

Restricts the actions of potentially unwanted sites in Internet Explorer.

Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Web of Trust, (WOT,) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

Green to go

Yellow for caution

Red to stop

WOT has an add-on available for both Firefox and IE.

Install the WinPatrol security monitor utility. WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. What I hear most from users is how much they like the startup control feature and its ease of use. Need help understanding something about WinPatrol? Here it is.

Windows Vista and Windows 7 have a software firewall built in and activated by default. This native firewall is a big improvement and is fine by itself. However, there are third party software Firewalls that offer a bit more configuration options.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason. I should also mention, if you choose to use a third party firewall, make certain the Windows firewall is turned off to prevent conflict issues.

...and please remember, you should have only one of these types of third party firewalls running on board:

Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often. Please avoid using the "registry" cleaning feature of this utility unless you consider yourself an expert. Contrary to popular thought, the Windows Registry has no need of any "cleaning". I personally challenge anyone to show a substantial benefit from having used any of these "registry cleaning" programs. There is none. Any difference at all is so minuscule that it's nearly impossible to calculate.

On the flip side, rather than any benefit, there is the possibility of slicing out enough pieces of the registry to render things useless...and that includes the operating system.

By default, CCleaner will ask you if you want to backup what is removed, and I suggest you do just that. If you have already used this option and found that something no longer works properly, please find the backup that was created and use it to restore that particular item. Remember, using this to clean the disk is absolutely useful and beneficial. A novice needs only to use the disk cleaning feature...and avoid the registry cleaning aspect. It's not difficult...just don't bother to click the Registry button on the menu.

CCleaner is an excellent...and fast disk cleaning utility that can easily be configured to suit your needs. Often, users find a simple reboot resolves a quirky performance issue which can come about as a result of the collection of temp files while browsing the web...and if you configure CCleaner to run on start up, then your system could be kept running fast and clean with each new user session.

The Yahoo Toolbar is included by default during the installation of the CCleaner utility...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...last download link at the bottom of that page)...

Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup"), just open the utility and check off the following: Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files.

Don't forget to check your system's "defragmenter" settings. With Windows Vista, you have the option to set this as a scheduled event. It is best to have your system's "defrag" function scheduled for at least once a week.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.